[Xen-devel] [2/4] [NET]: Update net-gso.patch
Hi:

[NET]: Update net-gso.patch

New changeset merged upstream:

[TCP]: Reset gso_segs if packet is dodgy

I wasn't paranoid enough in verifying GSO information. A bogus gso_segs could upset drivers as much as a bogus header would. Let's reset it in the per-protocol gso_segment functions.

I didn't verify gso_size because that can be verified by the source of the dodgy packets.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 617e4d3351f3 -r f6806ad757d5 patches/linux-2.6.16.13/net-gso.patch --- a/patches/linux-2.6.16.13/net-gso.patch Fri Jun 30 22:12:59 2006 +1000 +++ b/patches/linux-2.6.16.13/net-gso.patch Fri Jun 30 22:16:02 2006 +1000 @@ -2225,7 +2225,7 @@ index d64e2ec..7494823 100644 err = ipcomp_compress(x, skb); iph = skb->nh.iph; diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index 00aa80e..84130c9 100644 +index 00aa80e..30c81a8 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -257,6 +257,7 @@ #include <linux/smp_lock.h> @@ -2281,7 +2281,7 @@ index 00aa80e..84130c9 100644 from += copy; copied += copy; -@@ -2026,6 +2021,71 @@ int tcp_getsockopt(struct sock *sk, int +@@ -2026,6 +2021,77 @@ int tcp_getsockopt(struct sock *sk, int }
@@ -2306,12 +2306,18 @@ index 00aa80e..84130c9 100644 + if (!pskb_may_pull(skb, thlen)) + goto out; + -+ segs = NULL; -+ if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) -+ goto out; -+ + oldlen = (u16)~skb->len; + __skb_pull(skb, thlen); ++ ++ if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { ++ /* Packet is from an untrusted source, reset gso_segs. */ ++ int mss = skb_shinfo(skb)->gso_size; ++ ++ skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss; ++ ++ segs = NULL; ++ goto out; ++ } + + segs = skb_segment(skb, features); + if (IS_ERR(segs))
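Review bot: in the new `skb_gso_ok(...)` branch of the last hunk, `(skb->len + mss - 1) / mss` divides by `gso_size` read straight from the packet's shared info, and the commit message says gso_size is deliberately not verified here. Since this branch is the one that handles packets from an untrusted source, a zero `gso_size` would be a divide-by-zero in the kernel; consider rejecting `mss == 0` before the division, or stating in the comment which layer guarantees it is non-zero. The early `goto out` also now runs after `__skb_pull(skb, thlen)`, so it is worth confirming that callers cope with the skb coming back with the TCP header already pulled when `segs` is NULL.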